Privacy Policy for QRUpp, a trading name of Web Upp Limited. UK GDPR compliant explanation of how data is collected, used, and protected.
Last updated: 2nd November 2025
QRUpp (“we”, “our”, “us”) is a trading name of Web Upp Limited, registered in England & Wales (Company No. 13581536).
This Privacy Policy explains how we collect, use, and protect your personal data when you use our website, QR-code generator, URL shortener, and related tools (the “Services”). We act as a Data Controller under the UK GDPR and the Data Protection Act 2018.
1. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, password (hash) | Create and secure your account, provide support |
| Service Data | URLs, QR content, redirect targets | Generate and manage QR codes and short links |
| Analytics Data | Scan timestamp, device type, browser, approximate location | Provide usage statistics for your QR codes and links |
| Technical Logs | IP address, user agent, error messages | Maintain security and performance |
| Payment Data | Transaction ID, billing email, payment amount | Process payments via third-party providers (no card data stored) |
| AI Generation Input | Prompts or images you submit | Create AI-generated QR codes |
2. How We Use Your Data
- Provide, operate, and improve the Services;
- Create and manage user accounts;
- Deliver QR generation, URL shortening, and redirects;
- Display scan analytics and reports;
- Send service or billing communications;
- Detect and prevent misuse or security incidents;
- Comply with legal obligations.
We do not sell or rent personal data to any third party.
3. Legal Basis for Processing
- Contractual necessity – to provide the Services you request;
- Legitimate interest – to maintain security and analyse usage;
- Consent – where required (e.g. cookies, marketing);
- Legal obligation – to comply with law or court orders.
4. Data Retention
- Account data → retained while active, then up to 12 months post-closure.
- Scan logs → retained up to 24 months then anonymised.
- Technical logs → deleted after 90 days unless needed for security.
- AI inputs → retained less than 30 days for processing and quality review.
6. International Transfers
Where personal data is processed outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) for lawful transfer.
8. AI-Generated QR Codes
- Your prompts or images may be sent securely to AI services to generate results.
- Outputs are not reused for model training without your consent.
- Generated images may be stored temporarily for quality checks.
9. Your Rights (UK & GDPR)
You have the right to:
- Access your data;
- Request correction or erasure;
- Restrict or object to processing;
- Request data portability;
- Withdraw consent;
- Lodge a complaint with the ICO.
Contact us at privacy@qrupp.com. We respond within 30 days.
10. Data Security
- HTTPS/TLS encryption
- Secure password hashing
- Regular updates and backups
- Access controls and audit logging
While no system is 100% secure, we maintain industry-standard protections.
11. Children’s Privacy
Our Services are not intended for children under 16. We do not knowingly collect data from minors.
12. Changes to This Policy
We may update this Privacy Policy. The “Last updated” date shows the latest version. Material changes will be announced via the website or email.
13. Contact Us
Data Protection OfficerWeb Upp Limited (t/a QRUpp)
71-75 Shelton Street, Covent Garden, London WC2H 9JQ
Company No. 13581536
VAT No. GB429219781
Email: privacy@qrupp.com